comt: src/cm/media/js/lib/yui/yui_3.10.3/build/escape/escape-debug.js@89ef5ed3c48b (annotated)

Mercurial Mercurial > comt / annotate

summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help

src/cm/media/js/lib/yui/yui_3.10.3/build/escape/escape-debug.js

author	gibus
	Tue, 16 Jul 2013 14:29:46 +0200
changeset 525	89ef5ed3c48b
permissions	-rw-r--r--

Upgrades to yui 3.10.3

525 89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	1	/*
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	2	YUI 3.10.3 (build 2fb5187)
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	3	Copyright 2013 Yahoo! Inc. All rights reserved.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	4	Licensed under the BSD License.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	5	http://yuilibrary.com/license/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	6	*/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	7
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	8	YUI.add('escape', function (Y, NAME) {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	9
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	10	/**
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	11	Provides utility methods for escaping strings.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	12
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	13	@module escape
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	14	@class Escape
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	15	@static
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	16	@since 3.3.0
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	17	**/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	18
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	19	var HTML_CHARS = {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	20	'&': '&',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	21	'<': '<',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	22	'>': '>',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	23	'"': '"',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	24	"'": ''',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	25	'/': '/',
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	26	'`': '`'
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	27	},
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	28
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	29	Escape = {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	30	// -- Public Static Methods ------------------------------------------------
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	31
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	32	/**
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	33	Returns a copy of the specified string with special HTML characters
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	34	escaped. The following characters will be converted to their
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	35	corresponding character entities:
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	36
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	37	& < > " ' / `
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	38
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	39	This implementation is based on the [OWASP HTML escaping
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	40	recommendations][1]. In addition to the characters in the OWASP
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	41	recommendations, we also escape the <code>`</code> character, since IE
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	42	interprets it as an attribute delimiter.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	43
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	44	If _string_ is not already a string, it will be coerced to a string.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	45
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	46	[1]: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	47
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	48	@method html
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	49	@param {String} string String to escape.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	50	@return {String} Escaped string.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	51	@static
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	52	**/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	53	html: function (string) {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	54	return (string + '').replace(/[&<>"'\/`]/g, Escape._htmlReplacer);
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	55	},
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	56
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	57	/**
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	58	Returns a copy of the specified string with special regular expression
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	59	characters escaped, allowing the string to be used safely inside a regex.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	60	The following characters, and all whitespace characters, are escaped:
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	61
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	62	- $ ^ * ( ) + [ ] { } \| \ , . ?
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	63
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	64	If _string_ is not already a string, it will be coerced to a string.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	65
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	66	@method regex
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	67	@param {String} string String to escape.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	68	@return {String} Escaped string.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	69	@static
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	70	**/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	71	regex: function (string) {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	72	// There's no need to escape !, =, and : since they only have meaning
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	73	// when they follow a parenthesized ?, as in (?:...), and we already
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	74	// escape parens and question marks.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	75	return (string + '').replace(/[\-$\^*()+\[\]{}\|\\,.?\s]/g, '\\$&');
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	76	},
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	77
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	78	// -- Protected Static Methods ---------------------------------------------
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	79
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	80	/**
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	81	* Regex replacer for HTML escaping.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	82	*
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	83	* @method _htmlReplacer
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	84	* @param {String} match Matched character (must exist in HTML_CHARS).
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	85	* @return {String} HTML entity.
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	86	* @static
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	87	* @protected
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	88	*/
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	89	_htmlReplacer: function (match) {
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	90	return HTML_CHARS[match];
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	91	}
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	92	};
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	93
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	94	Escape.regexp = Escape.regex;
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	95
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	96	Y.Escape = Escape;
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	97
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	98
89ef5ed3c48b Upgrades to yui 3.10.3 gibus parents: diff changeset	99	}, '3.10.3', {"requires": ["yui-base"]});

comt